예제 #1
0
def _GetExternalAccountCredentials():
    external_account_filename = config.get('Credentials',
                                           'gs_external_account_file', None)
    if not external_account_filename:
        return None

    return WrappedCredentials.for_external_account(external_account_filename)
예제 #2
0
    def testWrappedCredentialSerialization(self):
        """Test logic for converting Wrapped Credentials to and from JSON for serialization."""
        creds = WrappedCredentials(
            identity_pool.Credentials(
                audience="foo",
                subject_token_type="bar",
                token_url="baz",
                credential_source={"url": "www.google.com"}))
        creds.access_token = ACCESS_TOKEN
        creds.token_expiry = datetime.datetime(2001, 12, 5, 0, 0)
        creds_json = creds.to_json()
        json_values = json.loads(creds_json)
        self.assertEquals(json_values["client_id"], "foo")
        self.assertEquals(json_values['access_token'], ACCESS_TOKEN)
        self.assertEquals(json_values['token_expiry'], "2001-12-05T00:00:00Z")
        self.assertEquals(json_values["_base"]["audience"], "foo")
        self.assertEquals(json_values["_base"]["subject_token_type"], "bar")
        self.assertEquals(json_values["_base"]["token_url"], "baz")
        self.assertEquals(json_values["_base"]["credential_source"]["url"],
                          "www.google.com")

        creds2 = WrappedCredentials.from_json(creds_json)
        self.assertIsInstance(creds2, WrappedCredentials)
        self.assertIsInstance(creds2._base, identity_pool.Credentials)
        self.assertEquals(creds2.client_id, "foo")
        self.assertEquals(creds2.access_token, ACCESS_TOKEN)
        self.assertEquals(creds2.token_expiry, creds.token_expiry)
예제 #3
0
    def testWrappedCredentialUsage(self, http):
        http.return_value.request.return_value = (RESPONSE, CONTENT)
        req = http.return_value.request

        creds = WrappedCredentials(
            MockCredentials(token=ACCESS_TOKEN,
                            audience="foo",
                            subject_token_type="bar",
                            token_url="baz",
                            credential_source="qux"))

        http = oauth2client.transport.get_http_object()
        creds.authorize(http)
        response, content = http.request(uri="www.google.com")
        self.assertEquals(content, CONTENT)
        creds._base.refresh.assert_called_once_with(mock.ANY)

        # Make sure the default request gets called with the correct token.
        req.assert_called_once_with("www.google.com",
                                    method="GET",
                                    headers=HeadersWithAuth(ACCESS_TOKEN),
                                    body=None,
                                    connection_type=mock.ANY,
                                    redirections=mock.ANY)
예제 #4
0
    def testWrappedCredentialSerializationMissingKeywords(self):
        """Test logic for creating a Wrapped Credentials using keywords that exist in IdentityPool but not AWS."""
        creds = WrappedCredentials.from_json(
            json.dumps({
                "client_id": "foo",
                "access_token": ACCESS_TOKEN,
                "token_expiry": "2001-12-05T00:00:00Z",
                "_base": {
                    "audience": "foo",
                    "subject_token_type": "bar",
                    "token_url": "baz",
                    "credential_source": {
                        "url": "www.google.com",
                        "workforce_pool_user_project": "1234567890"
                    }
                }
            }))

        self.assertIsInstance(creds, WrappedCredentials)
        self.assertIsInstance(creds._base, identity_pool.Credentials)